294 INDEX
porting exploits to Metasploit, 215–233
assembly languages, 216
buffer overflow exploits, 216–226
adding randomization, 222–223
completed module, 224–226
configuring exploit definition, 219–220
implementing features of the Framework, 221–222
removing dummy shellcode, 223–224
removing NOP Slide, 223
stripping existing exploit, 218–219
testing base exploit, 220–221
SEH overwrite exploit, 226–232
port scanning with nmap, 18–20, 76
portscan syn module, 26
post exploitation
modules for Meterpreter, 95
phase of PTES, 3–4
Postfix mail server, 260
PostgreSQL database, 20
postgres username, in PostgreSQL database, 20
POST parameter attack, Microsoft SQL injection, 166–167
POST parameters, 148
PowerShell, 185, 189–190, 192–194
powershell_upload_exec function, 191
pre-engagement interactions, 2
print_error() function, 242
printing output, for Meterpreter scripts, 241–242
print_line() function, 241
print_status() function, 241
priv extensions, 86
privilege escalation, 85–87, 119
privilege-escalation attack, 110
PRNG exploit, 262
Process Explorer, Windows, 105
process ID (PID), 236
ProFTPD 1.3.1, 259
protection mechanisms, 283
Protocols for SQLEXPRESS option, SQL Server Configuration Manager window, 270
Protocol tab, SQL Server Configuration Manager window, 270
ps command, 81–82, 87–89, 180, 278
PTES (Penetration Testing Execution Standard). See Penetration Testing Execution Standard (PTES)
PureBasic language, 54
PUT method, HTTP, 261, 264
PuTTY Windows SSH client, 106
Q
query string attack, Microsoft SQL injection, 165–166
Query String Parameter Attack option, 165
Quick TFTP Pro 2.1, 226
R
Railgun add-on, manipulating Windows APIs with, 97
rainbow table attack, 84
random characters, 229, 230
random dynamic port, TCP, 27
random payload name, 193
rand_text_alpha_upper buffer, 223
Rapid7, 37
RATTE (Remote Administration Tool Tommy Edition), 161
raw hexadecimal format, convert executable to, 192
RDP (Remote Desktop Protocol), 257
read-only (RO) community string, 30
read/write (RW) community string, 30
reboot command, 279
reg command, 278
regedit, 95
registry keys, 95
registry manipulation, 243
Remote Administration Tool Tommy Edition (RATTE), 161
Remote Desktop Protocol (RDP), 257
remote GUI (VNC), getting, 283
Remote Procedure Call (RPC) service, 59
reporting phase of PTES, 4
Reports tab
Nessus, 45, 48
NeXpose home page, 37, 40, 42
Required column, 52
resource command, 72
resource files, for exploitation, 72–73
resource karma.rc command, 180
resource.rc file, 72
restrictions for SEH, 204–206
rev2self command, 87, 278
reverse Meterpreter payload, 145, 156